Download the PHP package shone/scanner without Composer

On this page you can find all versions of the php package shone/scanner. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package scanner

shone-phar

Build Status SensioLabsInsight Coverage Status Latest Stable Version License

A command-line tool for interacting with the Shone Web Scanner API.

Getting started

To perform scans you will need to create a free account on https://www.shone.co.za/

To get an API Key, log into your account and go to the API tab (https://www.shone.co.za/client/api)

The easiest way is to just download the phar file and get started

$ wget raw.github.com/xsist10/shone-phar/master/shone.phar && chmod +x shone.phar

Alternatively you can use composer

{
    "require": {
        "shone/scanner": "1.0.*@dev"
    }
}

To install the phar globally, do the following:

$ mv shone.phar /usr/local/bin/shone

Updating the phar

If you are using the shone.phar file, you can update it to the latest version by running the following command:

$ ./shone.phar self-update

Setting up your configuration

There are some basic settings that make it easier to use the tool. It's recommended to set your API key at the start (the configuration file will be stored in your home folder ~/shone.json or similar location).

# Set the API key so you don't need to declare it everywhere
$ ./shone.phar set-config --key "[API KEY]"

# This is not recommended
$ ./shone.phar set-config  --common-checksum=0 --no-cert-check=1

Using the scanner

Local file system

You can scan a web directory like this

$ ./shone.phar scan --key "[API KEY]" --label "Website Label" /path/to/web/folder

or if you prefer to use the code directly (remember to run composer update first)

$ ./bin/shone scan --key "[API KEY]" --label "Website Label" /path/to/web/folder

If everything went ok you should be provided with a URL to find the result of your scan

Finger a local file

You can find out what software package a file belongs to by running the fingerprint command:

$ ./shone.phar fingerprint --key "[API KEY]" /path/to/file

Expected result:

Result: 11 matches found
+----------+-----------+------------+
| Software | Version   | Status     |
+----------+-----------+------------+
| Joomla!  | 2.5.9     | Vulnerable |
| Joomla!  | 2.5.9     | Vulnerable |
| Joomla!  | 2.5.11    | Vulnerable |
| Joomla!  | 2.5.10    | Vulnerable |
| Joomla!  | 2.5.12    | Vulnerable |
| Joomla!  | 2.5.14    | Vulnerable |
| Joomla!  | 2.5.13    | Vulnerable |
| Joomla!  | 2.5.16    | Secure     |
| Joomla!  | 2.5.15    | Secure     |
| Joomla!  | 2.5.17.rc | Secure     |
| Joomla!  | 2.5.17    | Secure     |
+----------+-----------+------------+

Remote file system

You can scan a remote web directory via FTP like this:

$ ./shone.phar ftpscan --username [USERNAME] --password --key="[API KEY]" --label "Website Label" [FTP HOST] /path/to/web/folder

There are a number of additional FTP options which will be listed if you run:

$ ./shone.phar ftpscan --help

Getting results

Get one job result

When you submit a job to the API, you will get a URL that will link directly to your scan result. You can also use the hash value to pull the result via the API like this:

$ ./shone.phar job --hash="[HASH]"

Expected result:

Found 2 results.

Path: /
+----------+---------+------------+-------+--------+
| Software | Version | Status     | Risk  | Match  |
+----------+---------+------------+-------+--------+
| Joomla!  | 2.5.10  | vulnerable | 10/10 | 97.00% |
| Joomla!  | 2.5.11  | vulnerable | 10/10 | 96.00% |
| Joomla!  | 2.5.12  | vulnerable | 10/10 | 94.00% |
| Joomla!  | 2.5.13  | vulnerable | 10/10 | 94.00% |
| Joomla!  | 2.5.14  | vulnerable | 7/10  | 94.00% |
+----------+---------+------------+-------+--------+

Path: media/editors/tinymce/jscripts/tiny_mce
+----------+---------+--------+------+--------+
| Software | Version | Status | Risk | Match  |
+----------+---------+--------+------+--------+
| tinymce  | 3.5.2   | secure | N/A  | 10.00% |
| tinymce  | 3.5.3   | secure | N/A  | 10.00% |
| tinymce  | 3.5.4   | secure | N/A  | 10.00% |
| tinymce  | 3.5.4.1 | secure | N/A  | 10.00% |
| tinymce  | 3.5.3.1 | secure | N/A  | 10.00% |
+----------+---------+--------+------+--------+

Get recent jobs

You can pull the jobs for the month by calling this:

$ ./shone.phar job --key="[API KEY]"

Expected result:

Found 1 job(s).

+------------+----------------------------------+------------+----------+------------------------------------------------------+
| Date       | Job                              | Status     | Severity | Details                                              |
+------------+----------------------------------+------------+----------+------------------------------------------------------+
| 2014-04-13 | 14dd8544av1f6f2ea1d55319625f7744 | vulnerable | 10/10    | 2 bundle(s) found in 4444 file(s) on xxx.xxx.xxx.xxx |
+------------+----------------------------------+------------+----------+------------------------------------------------------+

You can search for the latest scan for a particular label by using the label flag

$ ./shone.phar job --key="[API KEY]" --label="Website Label"

Compiling the phar

You'll can recompile the phar by calling:

$ ./bin/compile && chmod +x shone.phar

You can then copy the phar to any server or directory you wish and use it as a stand-alone executable.

More information

For more information run:

$ ./shone.phar

Using the library directly

If you wish to write your own code to use the Shone API, you can use the library directly like this:

Contributing

Please see CONTRIBUTING for details.

Bitdeli Badge


All versions of scanner with dependencies

PHP Build Version
Package Version
Requires php Version >=5.3.2
symfony/console Version ~2.3@dev
symfony/process Version ~2.1@dev
symfony/finder Version 2.5.*@dev
league/flysystem Version 0.2.*
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package shone/scanner contains the following files

Loading the files please wait ....